This was not specifically a WordPress hack but rather a server hack that needs to ultimately to be dealt with by your website host.

To fix start by changing your character encoding back to UTF-8 from UTF-7 by clicking Settings > Reading and typing in UTF-8 under the ‘Encoding for pages and feeds’ section and clicking ‘Save Changes’.

Next, goto Appearance > Widgets and finding a Text widget installed with the following or similar script in the text box. It might appear under ‘Inactive Sidebar’.

“<script>document.documentElement.innerHTML = unescape(‘%48%61%63%6b%65%64%20%42%79%20%42%61%64%69’);</script>”

You’ll need to reconfigure your widgets.

Then change your site title back under Settings > General.

UTF-7, which the hack sets your character set to is to allow code to be passed through the DB and is detrimental from a security point of view.

If you go into the Settings > Reading screen in the BEFORE you delete Badi’s text widget with his/her script in, then you see an option called  ‘Encoding for pages and feeds’ to set the character encoding back to UTF-8. If you delete the script then that option disappears.

The option was taken out of the dashboard in WP 3.5.

WhatsApp WhatsApp Me